A potential security vulnerability for some Intel® NUCs may allow escalation of privilege. Intel is releasing firmware updates to mitigate this potential vulnerability.
CVEID: CVE-2020-8742
Description: Improper input validation in the firmware for Intel® NUCs may allow a privileged user to potentially enable escalation of privilege via local access.
CVSS Base Score: 7.5 High
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H
Product
|
BIOS Download link
—|—
Intel® NUC 8 Enthusiast, a Mini PC with Windows* 10 - NUC8i7BEHGA, NUC8i7BEKQA
|
Intel® NUC 8 Home - a Mini PC with Windows 10 - NUC8i3BEHFA, NUC8i5BEHFA, NUC8i5BEKPA
|
Intel® NUC Kit - NUC8i3BEH, NUC8i3BEHS, NUC8i3BEK, NUC8i5BEH, NUC8i5BEHS, NUC8i5BEK, NUC8i7BEH, NUC8i7BEK
|
Intel® Compute Card - CD1C32GK, CD1C64GK, CD1P64GK****
|
Intel® NUC 8 Business, a Mini PC with Windows 10 - NUC8i7HNKQC
|
Intel® NUC 8 Enthusiast, a Mini PC with Windows 10 - NUC8i7HVKVA, NUC8i7HVKVAW
|
Intel® NUC Kit - NUC8i7HNK, NUC8i7HVK
|
Intel® NUC Board - NUC7i7DNBE
|
Intel® NUC Kit - NUC7i7DNHE, NUC7i7DNKE
|
Intel® NUC 7 Business, a Mini PC with Windows® 10 Pro - NUC7i5DNKPC
|
Intel® NUC Board - NUC7i5DNBE
|
Intel® NUC Kit - NUC7i5DNHE, NUC7i5DNKE
|
Intel® NUC 7 Business, a Mini PC with Windows® 10 Pro - NUC7i3DNHNC, NUC7i3DNKTC
|
Intel® NUC Board - NUC7i3DNBE
|
Intel® NUC Kit - NUC7i3DNHE, NUC7i3DNKE
|
Intel® Compute Stick - STK2mv64CC
|
Intel® NUC Kit - NUC6i7KYK
|
Intel® NUC 7 Essential, a Mini PC with Windows® 10 - NUC7CJYSAL
|
Intel® NUC Kit - NUC7CJYH, NUC7PJYH
|
Intel® NUC 7 Enthusiast, a Mini PC with Windows® 10 - NUC7i7BNHXG, NUC7i7BNKQ
|
Intel® NUC 7 Home, a Mini PC with Windows® 10 - NUC7i3BNHXF, NUC7i5BNHXF, NUC7i5BNKP
|
Intel® NUC Board - NUC7i3BNB, NUC7i5BNB, NUC7i7BNB
|
Intel® NUC Kit - NUC7i3BNH, NUC7i3BNHX1, NUC7i3BNK, NUC7i5BNH, NUC7i5BNHX1, NUC7i5BNK, NUC7i7BNH, NUC7i7BNHX1
|
Intel® NUC Kit - NUC6CAYH, NUC6CAYS
|
Intel® NUC Board - DE3815TYBE
|
Intel® NUC Kit - DE3815TYKHE
|
Intel® NUC Board - DE3815TYBE, labeled AA numbers: H26998-401, 402, 403, 404 or 405
|
Intel® NUC Kit - DE3815TYKHE, labeled SA numbers: H27002-400, 401, 402, 403 or 404
|
Intel® NUC Kit - NUC5CPYH, NUC5PGYH, NUC5PPYH
|
Intel® NUC Kit - NUC5i3RYH, NUC5i3RYHS, NUC5i3RYHSN, NUC5i3RYK, NUC5i5RYH, NUC5i5RYHS, NUC5i5RYK, NUC5i7RYH
|
Intel® NUC Board - NUC5i5MYBE
|
Intel® NUC Kit - NUC5i5MYHE
|
Intel® NUC Board - NUC5i3MYBE
|
Intel® NUC Kit - NUC5i3MYHE
|
Intel recommends updating the Intel® NUCs listed to the latest BIOS version (see provided table).
Intel would like to thank Alexander Ermolov for reporting this issue.
Intel, and nearly the entire technology industry, follows a disclosure practice called Coordinated Disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available.